alec-website.nix
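# NixOS module for Alec's static website: an nginx virtual host served over
# HTTPS, a www redirect host, and (when a CNAME target is set) DNS records.
{
  pkgs,
  config,
  lib,
  alec-website,
  ...
}:
with lib;
let
  cfg = config.custom.website.alec;
in
{
  options = {
    custom.website.alec = {
      enable = mkEnableOption "Alec's website";
      zone = mkOption {
        type = types.str;
        default = "${config.networking.domain}";
        description = ''
          DNS zone the website's records are added to.
        '';
      };
      domain = mkOption {
        type = types.str;
        default = "alec.${config.networking.domain}";
        description = ''
          Host name the site is served on.
          The www. prefixed name redirects to it.
        '';
      };
      cname = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          CNAME to create DNS records for.
          Ignored if null
        '';
      };
    };
  };
  config = mkIf cfg.enable {
    # www.<domain> is added as an extra name on <domain>'s certificate; the
    # www virtual host below reads its files from that certificate's directory.
    # NOTE(review): nginxCerts presumably wires the certificate into the
    # primary virtual host - confirm against the acme-eon module.
    security.acme-eon.nginxCerts = [ cfg.domain ];
    security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];
    services.nginx = {
      enable = true;
      virtualHosts = {
        "${cfg.domain}" = {
          # Plain HTTP is redirected to HTTPS. No Strict-Transport-Security
          # header is set in this module.
          forceSSL = true;
          # Site content: default package of the alec-website input for the
          # host platform.
          root = "${alec-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";
          # Everything under /var/<domain>/ on the host is published at /var/
          # on the site, so keep only files meant to be public there. Keep the
          # trailing slash on both the location and the alias: nginx maps the
          # path by plain prefix substitution, and a location without the
          # slash can resolve requests outside the aliased directory.
          locations."/var/".extraConfig = ''
            alias /var/${cfg.domain}/;
          '';
          # 403 responses are rewritten to 404 with the same error page, so
          # the response does not reveal that a forbidden path exists.
          # Requests are logged to a per-site access log.
          extraConfig = ''
            error_page 403 =404 /404.html;
            error_page 404 /404.html;
            # see http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
            access_log /var/log/nginx/${cfg.domain}.log;
          '';
        };
        # Redirect-only host: every request is answered with a 301 to the
        # same URI on the primary domain.
        "www.${cfg.domain}" =
          let
            certDir = config.security.acme-eon.certs.${cfg.domain}.directory;
          in
          {
            forceSSL = true;
            sslCertificate = "${certDir}/fullchain.pem";
            sslCertificateKey = "${certDir}/key.pem";
            sslTrustedCertificate = "${certDir}/chain.pem";
            extraConfig = ''
              return 301 https://${cfg.domain}$request_uri;
            '';
          };
      };
    };
    # cname defaults to null and is documented as "Ignored if null", so the
    # records are only defined when a target is set; otherwise the zone would
    # receive CNAME records whose value is null.
    #
    # Operational caveats:
    # - A CNAME cannot share its name with other record types, so cfg.domain
    #   must not be the zone apex when cname is set (the defaults place it
    #   one label below networking.domain).
    # - Clear cname when the target host is retired: a record left pointing
    #   at a name you no longer control lets its new holder serve content
    #   for this domain.
    eilean.services.dns.zones.${cfg.zone}.records = mkIf (cfg.cname != null) [
      {
        name = "${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
      {
        name = "www.${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
    ];
  };
}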